Abstract

We present a method for hierarchically generating sound workflow nets by substitution of nets with multiple inputs 
and outputs. We show that our method is correct and generalizes the class of nets generated by other hierarchical 
approaches. We also identify a new notion of soundness and prove that it is preserved by substitutions. We claim 
that this notion is better suited than *-soundness for use with hierarchical methods, while showing examples that 
*-soundness in the general case is not preserved by substitution. 
1. Introduction

Among all the different formalisms for modeling processes, Petri nets [1] offer the distinct benefits of combining an easy-to-understand visual notation with a large body of practical and theoretical work on efficiently and effectively reasoning over them. This has made them very popular for modeling of and reasoning over business processes and specifically business workflows. For describing the latter type of processes a specific class of Petri nets, called workflow nets, was introduced which feature attractive modeling and analytic properties such as easy to verify notions of correctness. They are defined as Petri nets with one input and one output place, representing the beginning and the end of the flow, that become strongly connected when we add a transition from the output place to the input place. The workflow starts with one token in the input place and while the workflow is running, it follows the usual firing rules of Petri nets. When the net has reached a state where it contains exactly one token, which is placed in the output place, then it is assumed to have completed correctly.

The correctness of any model, and therefore also workflow nets, ultimately depends on whether it correctly models the domain in question. However, certain properties such as the absence of livelocks, deadlocks, and other anomalies are desirable and can be checked independently of the specific domain. Among these the soundness property of the workflow net is considered the most important. This notion was originally proposed by van der Aalst in [2] and since then several alternate notions of soundness have been proposed and studied. Informally speaking soundness means two things. First, that if we start with an initial token in the input place, then no matter how we proceed with the execution of the workflow, we can always end up in the final state with one token in the output place. Second, that every subtask can be potentially executed, i.e., there is at least one correct run of the workflow net in which this subtask is executed. An overview of the research on soundness of workflow nets with additional decidability results can be found in [3].

Email addresses: sroka@mimuw.edu.pl (Jacek Sroka), a.j.h.hidders@tudelft.nl (Jan Hidders)

There are roughly two ways to guarantee that process modelers produce sound workflow nets. The first is to let them design the workflow as they like and then use the different existing algorithms to determine if the desired requirements are met, like in Q4j or Q. The second is to guide the design and allow only manipulations and combinations of nets that are guaranteed to produce sound nets [6]. In this paper we will follow the second approach and in particular focus on a structural approach where the net is constructed in a top-down fashion. This means that the system is designed by first specifying a workflow net that provides a high-level description of the process by summarizing it at a high abstraction level in terms of high-level actions, and then refining this workflow net in a stepwise fashion by replacing nodes that represent high-level actions with workflow nets which describe these actions in more detail.

An advantage of such a hierarchical approach is that it produces workflow nets with an explicit and natural hierarchical structure, which considerably aids the understandability of the specification Q . It can for example be used in the design and analysis tool and allow the user to zoom in and out of specific parts of the net by either expanding or collapsing nodes according to the hierarchical structure. In addition the structure can often be matched with the organizational hierarchy of the organization that hosts the specified workflow, and therefore be linked with for example the levels of management.

The specific refinement approach that we will take in this paper works as follows. We always start with a simple type of net that we already know to have the desired soundness properties. Then we allow the substitution of a single node, either a place or a transition, with a workflow net that we also already know to possess the desired properties. We will show that for suitable soundness properties and specific types of substitutions it will hold that the soundness properties are preserved, i.e., the result of the substitution also has the soundness properties. This allows us to start from a small set of simple nets that are known to have the desired properties, and then from them generate a larger class of nets that also have these properties. This idea of net refinements is quite old, and the first papers were published in the early 90's, like [9]. Methods for stepwise refinements were studied in numerous papers, including [10], [11], [12] or [13]. An approach that we will in particular focus on is the one presented by van Hee et al. in [14] where two large classes of simple workflow nets, based on state machines and marked graphs, are identified which are readily observed to be sound, and then it is shown that when closed under substitution we get a larger class of workflow nets, called ST-nets, which also contains only sound workflow nets.

In another similar approach the substitution is used as follows. We always start with a net consisting of a single place, and allow only the substitution with a finite set of simple nets but which are not necessarily workflow nets themselves, such as for example by Wachtel et al. in lfT31l and van Hee et al. in [16]. Interestingly enough, this leads to a slightly different class being generated than the one in [14], neither strictly larger nor smaller. It is the main goal of this paper to investigate the combination of these two approaches and see if it allows the generation of even larger classes of sound nets.

For the approach chosen in this paper we need a special notion of soundness. This is because, as was observed by van Hee et al. in [14], it is unfortunately in general not true that soundness as defined earlier is preserved by substitution, i.e., if we substitute a sound net in another sound net the result is not necessarily sound. This is related to the fact that although if we execute a sound workflow, starting with a single token, then we will end up with a single token in the output place and no other tokens anywhere, it could be that if we start the same workflow with 2 tokens, it does not necessarily mean that the final marking will have 2 tokens in the output place. It can therefore happen that substitution of such a workflow net will lead to an unsound net.

For this reason the notion of $k$-soundness was introduced by van Hee et al., where $k$ is a parameter for which whenever we start with $k$ tokens, the net will end without deadlock having exactly $k$ tokens in the output place, while all other places will be unmarked. It was proven that $k$-soundness forms a strict hierarchy, which means that for every $k$ there exists a workflow net which is $k$-sound and not $(k+1)$-sound. The notion of *-soundness is reserved for nets which are sound for every $k$. It is shown by van Hee et al. in [14] that this type of soundness is preserved by substitution for their kind of nets. In the same paper van Hee et al. define a large class of nets by starting from very simple classes that are syntactically easy to identify and can be straightforwardly shown to be *-sound, and then generating more *-sound nets by substitution.

Since in this paper we consider a more generalized notion of substitution that also allows substitution of nets with multiple input and output places and allows flow edges that arrive in input places and leave from output places, our approach requires a slightly generalized notion of soundness that we call substitution soundness and which is indeed preserved by the generalized type of substitution that we propose.

The structure of the paper is as follows. After introducing the notions of a Petri net, workflow net and soundness we propose new classes of nets, called p-WF nets and t-WF nets. Such nets have the border nodes being places or transitions respectively. AND-OR nets being special classes of p-WF nets and t-WF nets are introduced in Section 3. We make some remarks on their properties and specify how the substitutions are performed. Next, we address the problem of soundness preservation during substitution in Section 4 and introduce the notion of substitution-soundness (sub-soundness for short). The main two theorems of this section state that soundness is preserved when a sub-sound t-WF net is substituted for a transition of a sub-sound p-WF net or t-WF net and when a sub-sound p-WF net is substituted for a place of a sub-sound p-WF net or t-WF net. In Section 5 we prove that the introduced AND-OR nets are sub-sound in general.

A preliminary version of this paper was presented in 2011 at the 11th International Conference on Application of Concurrency to System Design in Newcastle upon Tyne, United Kingdom, see ifTTl . Apart from providing a more elaborate discussion of the results, the main extensions in this paper include the complete versions of proofs and discussion on whether substitution soundness is the right notion of soundness, i.e., is the weakest condition necessary for constructing nets by refinement.

2. Basic Terminology 

Let $S$ be a set. A bag (multiset) $m$ over $S$ is a function $m : S \to \mathbb{N}$. We use $+$ and $-$ for the sum and the difference of two bags and $=$, $<$, $>$, $\le$, $\ge$ for comparisons of bags, which are defined in a standard way. We overload the set notation, writing $\emptyset$ for the empty bag and $\in$ for the element inclusion. We list elements of bags between brackets, e.g. $m = [p^2, q]$ for a bag $m$ with $m(p) = 2$, $m(q) = 1$, and $m(x) = 0$ for all $x \notin \{p, q\}$. The shorthand notation $k.m$ is used to denote the sum of $k$ bags $m$. The size of a bag $m$ over $S$ is defined as $|m| = \sum_{s \in S} m(s)$.

Definition 1 (Petri net). A Petri net is a tuple $N = (P, T, F)$ with $P$ a finite set of places, $T$ a finite set of transitions such that $P \cap T = \emptyset$ and $F \subseteq (T \times P) \cup (P \times T)$ the set of flow edges.

A path of a net is a non-empty sequence $(x_1, \ldots, x_n)$ of nodes such that for all $i$ such that $1 \le i \le n - 1$ it holds that $(x_i, x_{i+1}) \in F$. Markings are states (configurations) of a net and the set of markings of $N = (P, T, F)$ is the set of all bags over $P$ and denoted as $M_N$. Given a transition $t \in T$, the preset $\bullet t$ and the postset $t \bullet$ of $t$ are the sets $\{p \mid (p, t) \in F\}$ and $\{p \mid (t, p) \in F\}$, respectively. Analogously we write $\bullet p$, $p \bullet$ for pre- and postsets of places. To emphasize the fact that the preset/postset is considered within some net $N$, we write $\bullet_N a$, $a \bullet_N$. We overload this notation further allowing to apply preset and postset operations to a set $B$ of places/transitions, which is defined as the union of pre-/postsets of elements of $B$. A transition $t \in T$ is said to be enabled in marking $m$ iff $\bullet t \le m$. For a net $N = (P, T, F)$ with markings $m_1$ and $m_2$ and a transition $t \in T$ we write $m_1 \xrightarrow{t}_N m_2$ if $t$ is enabled in $m_1$ and $m_2 = m_1 - \bullet t + t \bullet$. For a sequence of transitions $\sigma = (t_1, \ldots, t_n)$ we write $m_1 \xrightarrow{\sigma}_N m_{n+1}$ if $m_1 \xrightarrow{t_1}_N m_2 \xrightarrow{t_2}_N \cdots \xrightarrow{t_n}_N m_{n+1}$ and we write $m_1 \xrightarrow{*}_N m_{n+1}$ if there exists such a sequence $\sigma \in T^*$. We will write $m_1 \xrightarrow{t} m_2$, $m_1 \xrightarrow{\sigma} m_{n+1}$ and $m_1 \xrightarrow{*} m_{n+1}$ if $N$ is clear from the context.

We generalize the usual notion of workflow net as introduced by van der Aalst in [2] by allowing multiple input and output places, allowing transitions as input and output nodes and also allowing input nodes to have incoming edges and output nodes to have outgoing edges.

Definition 2 (Workflow net). A place Workflow net (pWF net) is a tuple $N = (P, T, F, I, O)$ where $(P, T, F)$ is a Petri net with a non-empty set $I \subseteq P$ of input places and a non-empty set $O \subseteq P$ of output places such that (1) every node in $P \cup T$ is reachable by a path from at least one node in $I$ and (2) from every node in $P \cup T$ we can reach at least one node in $O$. A transition Workflow net (tWF net) is similar to a place Workflow net except that $I$ and $O$ are non-empty subsets of $T$. A workflow net (WF net) is either a pWF net or tWF net.

A workflow net is called a one-input workflow net if $I$ contains one element, and a one-output workflow net if $O$ contains one element. In [2] workflow nets are restricted to one-input one-output place Workflow nets. We generalize this but define for all workflow nets the corresponding one-input one-output pWF net as follows. The place-completion of a tWF net $N = (P, T, F, I, O)$ is denoted as pc($N$) and is a one-input one-output pWF net that is constructed from $N$ by adding places $p_i$ and $p_o$ such that $p_i \bullet = I$ and $\bullet p_o = O$ and setting the input set and output set as $\{p_i\}$ and $\{p_o\}$ respectively. This is illustrated in Figure 1 (a). Note that we distinguish $I$ nodes with half unconnected incoming arrows and $O$ nodes with half unconnected outgoing arrows. The transition-completion of a pWF net $N = (P, T, F, I, O)$ is denoted as tc($N$) and is a one-input one-output tWF net that is constructed from $N$ by adding transitions $t_i$ and $t_o$ such that $t_i \bullet = I$ and $\bullet t_o = O$ and setting the input set and output set as $\{t_i\}$ and $\{t_o\}$, respectively. This is illustrated in Figure 1 (b).

We will focus in this paper on a particular kind of soundness, namely the soundness that guarantees the reachability of a proper final state. We generalize this for the case where there can be more than one input place and these contain one or more tokens in the initial marking. We also provide a generalization of soundness for tWF nets, which intuitively states that, if in total there are $k$ firings of input transitions, then the computation will end in an empty marking after in total $k$ firings of the output transitions.

Figure 1: The place completion of a tWF net and a pWF net (panels: pc($N$) if $N$ is a tWF net; tc($N$) if $N$ is a pWF net)

Definition 3 (k and *-soundness). A pWF net $N = (P, T, F, I, O)$ is said to be $k$-sound if for each marking $m$ such that $k.I \xrightarrow{*} m$ it holds that $m \xrightarrow{*} k.O$. We call $N$ *-sound if it is $k$-sound for all $k \ge 1$. We say that these properties hold for tWF net $N$ if they hold for pc($N$).

It would be nice if transition-completion would not affect the *-soundness of a net just like place-completion does (by definition). However this is only partially true as is shown in the following theorem.

Theorem 1. Every pWF net N is *-sound if tc(N) is 
*-sound but not vice versa. 

Proof. Let $N = (P, T, F, I, O)$ and $N' = $ pc(tc($N$)) $= (P', T', F', I', O')$ with $t_i$ and $t_o$ being the added input and output transitions of tc($N$), respectively. Recall that by definition tc($N$) is *-sound iff pc(tc($N$)) is *-sound. We assume that tc($N$) is *-sound, that is $N'$ is *-sound. Observe that $k.I' \xrightarrow{*}_{N'} k.I$ by letting input transition $t_i$ of tc($N$) fire $k$ times. Assume that $k.I \xrightarrow{*}_N m$. Since $N$ is embedded in $N'$ it then follows that $k.I' \xrightarrow{*}_{N'} m$. From the *-soundness of $N'$ it follows that $m \xrightarrow{\sigma'}_{N'} k.O'$ for some $\sigma' \in (T')^*$. However, we can omit the firings of $t_o$ from $\sigma'$ and obtain $\sigma$ such that $m \xrightarrow{\sigma}_{N'} k.O$. Since $\sigma$ cannot contain $t_i$ it follows that $m \xrightarrow{\sigma}_N k.O$ and therefore $m \xrightarrow{*}_N k.O$.

The counterexample in Figure 2 shows that not for every *-sound pWF net $N$ it holds that tc($N$) is *-sound. Observe that $N$ is *-sound. However the shown pc(tc($N$)) is not since from the marking $[p_i]$ it can reach $[b, c]$ and therefore $[b, p_o]$ after which no transition is enabled. Since pc(tc($N$)) is not 1-sound, then by definition tc($N$) is also not 1-sound and thus not *-sound.



3. AND-OR nets

To generate a large class of nets we will consider general substitutions where places and transitions are replaced with pWF nets and tWF nets, respectively. We introduce for this purpose a notion of substitution that is based on the one introduced by van Hee et al. in [14] but generalized so it can substitute nets with multiple input nodes and multiple output nodes.

Figure 2: A counterexample showing that *-soundness is not preserved by transition completion and also not under substitution (panel: pc(tc($N$)))

Definition 4 (Place substitution, Transition substitution). Consider two disjoint WF nets $N$ and $M$, i.e., if $N = (P, T, F, I, O)$ and $M = (P', T', F', I', O')$ then $(P \cup T) \cap (P' \cup T') = \emptyset$.

Place substitution: If $p$ is a place in $N$ and $M$ is a pWF net, then we define the result of substituting $p$ in $N$ with $M$, denoted as $N \otimes_p M$, as the net that is obtained if in $N$ we remove $p$ and the edges in which it participates and replace it with the net $M$ and edges such that $\bullet p' = \bullet p$ for each input place $p' \in I'$ of $M$ and $p' \bullet = p \bullet$ for each output place $p' \in O'$ of $M$. If $p \in I$ then $p$ is replaced in the set of input nodes of the resulting net with $I'$, i.e., the input set of $N \otimes_p M$ is $(I \setminus \{p\}) \cup I'$, and if $p \in O$ then $p$ is replaced in the set of output nodes of the resulting net with $O'$, i.e., the output set of $N \otimes_p M$ is $(O \setminus \{p\}) \cup O'$. Otherwise, the input and output sets of $N \otimes_p M$ are the same as the respective sets for $N$.

Transition substitution: Likewise, if $t$ is a transition in $N$ and $M$ is a tWF net, then we define the result of substituting $t$ in $N$ with $M$, denoted as $N \otimes_t M$, as the net that is obtained if in $N$ we remove $t$ and the edges in which it participates and replace it with the net $M$ and edges such that $\bullet t' = \bullet t$ for each input transition $t' \in I'$ of $M$ and $t' \bullet = t \bullet$ for each output transition $t' \in O'$ of $M$. If $t \in I$ then $t$ is replaced in the set of input nodes of the resulting net with $I'$, i.e., the input set of $N \otimes_t M$ is $(I \setminus \{t\}) \cup I'$, and if $t \in O$ then $t$ is replaced in the set of output nodes of the resulting net with $O'$, i.e., the output set of $N \otimes_t M$ is $(O \setminus \{t\}) \cup O'$. Otherwise, the input and output sets of $N \otimes_t M$ are the same as the respective sets for $N$.

The results of a place substitution and transition substitution are illustrated in Figure 3 (a) and (b), respectively. It is not hard to see that if $N$ and $M$ are WF nets and $n$ a node in $N$ then $N \otimes_n M$ is again a WF net. It also holds for all WF nets $A$, $B$ and $C$ that $(A \otimes_a B) \otimes_b C = A \otimes_a (B \otimes_b C)$ if $b$ is a node in $B$, and $(A \otimes_a B) \otimes_b C = (A \otimes_a C) \otimes_b B$ if $a$ and $b$ are nodes in $A$.

Figure 3: Illustration of place substitution and transition substitution

Figure 4: Examples of a pAND, tAND, pOR and tOR nets (panels: pAND net, tAND net, pOR net, tOR net)
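Definition 4 and the remark that the result is again a WF net can be exercised directly. The following Python code is an added example, not taken from the paper; the names `WFNet`, `wf`, `substitute`, `is_wf_net` and the sample nets `SEQ`, `JOIN` and `STEP` are assumptions constructed for this illustration.

```python
from typing import NamedTuple

class WFNet(NamedTuple):
    P: frozenset  # places
    T: frozenset  # transitions
    F: frozenset  # flow edges as (source, target) pairs
    I: frozenset  # input nodes (all places or all transitions)
    O: frozenset  # output nodes (all places or all transitions)

def wf(P, T, F, I, O):
    """Build a WFNet from any iterables."""
    return WFNet(*(frozenset(x) for x in (P, T, F, I, O)))

def preset(net, x):
    return {a for a, b in net.F if b == x}

def postset(net, x):
    return {b for a, b in net.F if a == x}

def substitute(N, n, M):
    """Replace node n of N by the disjoint net M, as in Definition 4."""
    if n in N.P:
        kind = M.P   # a place may only be replaced by a pWF net
    elif n in N.T:
        kind = M.T   # a transition may only be replaced by a tWF net
    else:
        raise ValueError(f"{n!r} is not a node of N")
    if not (M.I | M.O) <= kind:
        raise ValueError("border nodes of M must be of the same kind as n")
    if (N.P | N.T) & (M.P | M.T):
        raise ValueError("N and M must be disjoint")
    pre, post = preset(N, n), postset(N, n)
    # Keep every edge of N that does not touch n, plus all edges of M.
    F = {e for e in N.F if n not in e} | M.F
    # Input nodes of M inherit the incoming edges of n,
    # output nodes of M inherit its outgoing edges.
    F |= {(x, i) for x in pre for i in M.I}
    F |= {(o, y) for o in M.O for y in post}
    I = (N.I - {n}) | M.I if n in N.I else N.I
    O = (N.O - {n}) | M.O if n in N.O else N.O
    return wf((N.P - {n}) | M.P, (N.T - {n}) | M.T, F, I, O)

def _closure(starts, edges):
    """Nodes reachable from `starts` along `edges` (a node reaches itself)."""
    seen, stack = set(starts), list(starts)
    while stack:
        x = stack.pop()
        for a, b in edges:
            if a == x and b not in seen:
                seen.add(b)
                stack.append(b)
    return seen

def is_wf_net(net):
    """Definition 2: non-empty I and O of one kind, every node reachable
    from some node in I, and some node in O reachable from every node."""
    nodes = net.P | net.T
    border = net.I | net.O
    same_kind = border <= net.P or border <= net.T
    backward = {(b, a) for a, b in net.F}
    return (bool(net.I) and bool(net.O) and same_kind
            and _closure(net.I, net.F) == nodes
            and _closure(net.O, backward) == nodes)

# Constructed sample nets (not the nets of the paper's figures).
SEQ = wf({"i", "p", "o"}, {"t1", "t2"},
         {("i", "t1"), ("t1", "p"), ("p", "t2"), ("t2", "o")}, {"i"}, {"o"})
JOIN = wf({"a", "b", "c"}, {"u"},
          {("a", "u"), ("b", "u"), ("u", "c")}, {"a", "b"}, {"c"})  # pWF net
STEP = wf({"q"}, {"v", "w"}, {("v", "q"), ("q", "w")}, {"v"}, {"w"})  # tWF net
```

Substituting `JOIN` for the inner place `p` of `SEQ` leaves the input and output sets of `SEQ` unchanged, while substituting it for the input place `i` replaces `i` in the input set by `a` and `b`.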

We will generate nets by starting from some basic 
classes of nets and allowing substitutions of places with 
pWF nets and transitions with tWF nets. 

Definition 5 (Substitution closure). Given a class $C$ of nets we define the substitution closure of $C$, denoted as $S(C)$, as the smallest superclass of $C$ that is closed under transition substitution and place substitution, i.e., the following two rules hold: if $N$ and $M$ are disjoint nets in $S(C)$ then (1) if $M$ is a pWF net and $p$ a place in $N$ then $N \otimes_p M$ is a net in $S(C)$ and (2) if $M$ is a tWF net and $t$ a transition in $N$ then $N \otimes_t M$ is a net in $S(C)$.

As the basic nets with which we will start the generation process we will consider the nets that we call pAND nets, tAND nets, pOR nets and tOR nets, which are all illustrated in Figure 4 with input and output nodes on the left-hand side and right-hand side, respectively. Informally we can describe AND nets as acyclic nets that consist only of AND splits and AND joins, and OR nets can be described as possibly cyclic nets consisting of only OR splits and OR joins. AND and OR nets are generalizations of marked graph/T-nets and state machines/S-nets [6], respectively, which both are restricted to exactly one input and output node. More formally, the AND and OR nets are defined as follows.



Definition 6 (AND net). An AND net is an acyclic WF net $(P, T, F, I, O)$ such that for every place $p \in P$ it holds that (1) $p \in I \wedge |\bullet p| = 0$ or $p \notin I \wedge |\bullet p| = 1$ and (2) $p \in O \wedge |p \bullet| = 0$ or $p \notin O \wedge |p \bullet| = 1$. An AND net that is a pWF net is called a pAND net, and if it is a tWF net it is called a tAND net.

Figure 5: Examples of tAND and pOR nets that are not *-sound (panels: not *-sound tAND nets, not *-sound pOR nets)

OR nets are the counterpart of AND nets and are defined 
as follows. 

Definition 7 (OR net). An OR net is a WF net $(P, T, F, I, O)$ such that for every transition $t \in T$ it holds that (1) $t \in I \wedge |\bullet t| = 0$ or $t \notin I \wedge |\bullet t| = 1$ and (2) $t \in O \wedge |t \bullet| = 0$ or $t \notin O \wedge |t \bullet| = 1$. An OR net that is a pWF net is called a pOR net, and if it is a tWF net it is called a tOR net.



Note that OR nets can contain cycles where AND nets by definition cannot, but otherwise they are each other's dual. Also note that for the requirements over the edges, being an input node counts as having an input edge, and being an output node counts as having an output edge. To illustrate why this is so consider the nets (a) and (b) in Figure 6. In (a) we see a pWF net that would be a pAND net if we ignored the requirement for input and output places. However, it will also be clear that this is not a 1-sound net since the token in the upper-right output place might be transferred to the lower-left input place, after which we cannot reach the final state. In (b) we see a tWF net that would be a tOR net if we ignored the requirements for input and output places. Also here it is easy to see by looking at its place completion that this is not a 1-sound net. For tAND and pOR there are no such restrictions on the input and output nodes, since in AND nets the places are restricted and in OR nets the transitions are restricted. The requirement for acyclicity for AND nets is illustrated by the tWF net (c) in Figure 6. Clearly this net is not 1-sound since a run in which the transition fires requires an initial token in the place. However, its dual, where the place is a transition and vice versa, is indeed 1-sound, which explains the asymmetry between AND and OR nets.

For the AND and OR nets as defined here there are some straightforward soundness results in that all pAND and tOR nets are *-sound, and that for tAND and pOR nets this is the case if they are one-input one-output nets. The *-soundness of tOR nets follows from the *-soundness of ST-nets of van Hee et al. given by Theorem 17 in [14] and the definition of *-soundness for tWF nets by place completion. The *-soundness of pAND nets follows from Theorem 1 and the fact that for every pAND net $N$, its transition completion tc($N$) is *-sound because pc(tc($N$)) is also an ST-net. Note that for this reasoning it is crucial that the place completion of a tOR net results in a net that is still an OR net, and that transition completion of a pAND net results in a net that is still an AND net. This is the case since in tOR nets and in pAND nets input nodes cannot have incoming edges and output nodes cannot have outgoing edges.

Figure 6: Unsound nets forbidden by the definition of AND and OR nets (panels: (a) a pWF net with transfer of input/output tokens; (b) a tWF net with transfer of input/output tokens; (c) a tWF net with a cycle requiring preinitializing tokens)

Observe that even without disallowing incoming edges for input nodes and outgoing edges for output nodes, a place completion of any tAND net results in an AND net and a transition completion of any pOR net results in an OR net, i.e., results in nets that do not have AND splits/joins and OR splits/joins intermixed in a problematic way. Note also that for multi-input multi-output pOR nets an unsound transfer would be possible similarly as for pAND nets, but we limit the number of input/output places anyway. Finally, even though for tAND nets we do not limit the number of these edges in the definition, it follows from its acyclicity and existence of only one input and one output transition.

To understand the restriction to one-input one-output nets consider the examples of tAND and pOR nets in Figure 5 which are all nets with either multiple input nodes or multiple output nodes and which are all not *-sound. For the presented tAND net examples applying the place completion, which is required by the definition of soundness, would result in a net with AND splits/joins and OR splits/joins mixed in a wrong way. For the presented pOR net examples the problem originates from the nature of allowed OR splits/joins and the possibility of unequal numbers of input and output places. This is why, while generating nets with place and transition substitution, we limit ourselves to the following classes of nets: the class of pAND nets represented by pAND, the class of one-input one-output tAND nets represented by 11tAND, the class of one-input one-output pOR nets represented by 11pOR, and the class of tOR nets represented by tOR (see Figure 7 for examples). For one-input one-output tAND nets the *-soundness follows immediately from the *-soundness of pAND nets because performing place completion of one-input one-output tWF nets does not create OR splits nor OR joins. For one-input one-output pOR nets we cannot refer to *-soundness of ST-nets, because they cannot have incoming edges for input places and outgoing edges for output places. Yet, by its construction the number of tokens in the net has to be constant and by reachability of input and output nodes in the definition of workflow net all tokens can be forced to reach the output place. Section 5 provides formal proofs of stronger sub-soundness properties for all the basic classes discussed here.

Figure 7: Example nets from classes pAND, 11tAND, 11pOR and tOR

Figure 8: An example of the generation of an AND-OR net



Definition 8 (AND-OR net). The class $S(\mathrm{pAND} \cup \mathrm{11tAND} \cup \mathrm{11pOR} \cup \mathrm{tOR})$ we call the class of AND-OR nets.

An example of the generation of an AND-OR net is shown in Figure 8 with on the left-hand side the hierarchical decomposition and on the right-hand side the resulting net.



It can be shown that the one-input one-output tAND 
nets are not needed, i.e., we can remove them from the 
initial class without changing the set of nets that can be 
generated. 

Theorem 2. The tAND nets are redundant for generating AND-OR nets, i.e., $S(\mathrm{pAND} \cup \mathrm{11tAND} \cup \mathrm{11pOR} \cup \mathrm{tOR}) = S(\mathrm{pAND} \cup \mathrm{11pOR} \cup \mathrm{tOR})$.

Proof. Recall that tAND nets do not contain cycles. Also note that if we take a one-input one-output tAND net with input transition $t_i$ and output transition $t_o$ and we remove the begin and end transition, then we are left with a pAND net with $I = t_i \bullet$ and $O = \bullet t_o$. So every one-input one-output tAND net can be generated by starting with a tOR net consisting of a transition followed by a place which is again followed by a transition, and then substituting the previously mentioned pAND net for the place in the middle.

Figure 9: Examples showing the expressive power of certain classes (panels (a) and (b))

However, the one-input one-output pOR nets are not redundant, because a cycle containing the input and output nodes cannot be obtained in any other way.

Theorem 3. The pOR nets are not redundant for generating all AND-OR nets, i.e., $S(\mathrm{pAND} \cup \mathrm{11tAND} \cup \mathrm{11pOR} \cup \mathrm{tOR}) \supset S(\mathrm{pAND} \cup \mathrm{11tAND} \cup \mathrm{tOR})$.

Proof. See the counterexample in Figure 9 (a). This one-input one-output pOR net cannot be generated by using pAND, one-input one-output tAND and tOR nets.

Of course pAND nets and tOR nets are not redundant 
either, since they allow for multiple input and output 
nodes. 



The AND-OR nets are very similar to the ST nets defined in [14] by van Hee et al. In fact, the class of ST nets is the strict subclass of $S(\mathrm{11tAND} \cup \mathrm{11pOR})$ that disallows incoming edges for input nodes and outgoing edges for output nodes. It is clear that the class $S(\mathrm{11tAND} \cup \mathrm{11pOR})$ is a proper subclass of the AND-OR nets since it only contains one-input one-output WF nets. However there are in addition also one-input one-output AND-OR nets that are not in $S(\mathrm{11tAND} \cup \mathrm{11pOR})$ as is shown by the following theorem.

Theorem 4. The class $S(\mathrm{11tAND} \cup \mathrm{11pOR})$ does not contain all one-input one-output AND-OR nets.

Proof. The counterexample is given in Figure 9 (b). To show that it is an AND-OR net we consider its generation in reverse. The transitions $A$ and $B$ form a tOR net and can be contracted into a single transition. The same for the transitions $C$ and $D$. The places $b$ and $c$ form a pAND net and can be contracted into a single place. The result will be a linear net that is in fact both a pAND net and a one-input one-output pOR net. To see that the example net is not in $S(\mathrm{11tAND} \cup \mathrm{11pOR})$ it can be verified that there is no proper subnet that is either in 11tAND or 11pOR and can be contracted into a single transition or place, respectively.

4. Substitution soundness 

Recall that the purpose of this paper is to investigate the possibility to generate a large class of *-sound WF nets by using substitution. It is unfortunately not true that *-soundness is preserved by substitutions as defined in this paper. This is because of the possible outgoing edges of the output nodes. A counterexample is shown in Figure 2 where the presented pWF net can be thought of as being constructed by substituting a *-sound net $N$, with input place $a$ and output place $c$, into an also *-sound sequential pWF net. As was discussed in the proof of Theorem 1 the resulting net is not 1-sound so also not *-sound. Therefore, we introduce a new notion of soundness called substitution soundness and study its properties. We will show in Section 5 that all the basic classes of nets from the definition of AND-OR nets are substitution sound.

The intuition underlying substitution soundness is that it should not matter that during a run of a workflow net we remove seemingly ready tokens from output places. In other words, it should hold that if the net starts with $k$ tokens in the input places, reaches a marking with at least $k' \le k$ tokens in each output place, and we remove these $k'$ tokens from each output place, then the net can still finish with $k - k'$ tokens in each output place.

Definition 9 (Substitution soundness). Let $N = (P, T, F, I, O)$ be a pWF net. We say that $N$ is substitution-sound (or simply sub-sound) if for all $k \ge k' \ge 0$ and every marking $m'$ it holds that if $k.I \xrightarrow{*} (m' + k'.O)$ then $m' \xrightarrow{*} (k - k').O$. We generalize this property to tWF nets and say that a tWF net $N$ is sub-sound if pc($N$) is sub-sound.
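Definitions 3 and 9 can be checked mechanically for small $k$ by exhaustive reachability. The following Python code is an added example, not taken from the paper; the nets `LOOP_OUT` (an output place with an outgoing edge, the situation this section identifies as the problem) and `SEQ` are constructed here, and the search is bounded by `kmax` whereas Definition 9 quantifies over all $k$.

```python
from collections import Counter, deque

def key(m):
    """Hashable form of a marking (a bag over places)."""
    return frozenset((p, n) for p, n in m.items() if n > 0)

def scaled(k, places):
    """The bag k.X for a set X of places."""
    return +Counter({p: k for p in places})

def reachable(net, m0, limit=100_000):
    """All markings reachable from m0, in breadth-first order."""
    start = +Counter(m0)
    seen = {key(start): start}
    queue = deque([start])
    while queue:
        m = queue.popleft()
        for pre, post in net["T"].values():
            if all(m[p] >= 1 for p in pre):   # t is enabled: preset <= m
                m2 = Counter(m)
                m2.subtract(pre)              # m - preset
                m2.update(post)               # ... + postset
                m2 = +m2                      # drop places holding 0 tokens
                if key(m2) not in seen:
                    if len(seen) >= limit:
                        raise RuntimeError("state space too large or unbounded")
                    seen[key(m2)] = m2
                    queue.append(m2)
    return seen

def k_sound(net, k):
    """Definition 3: every marking reachable from k.I can still reach k.O."""
    goal = key(scaled(k, net["O"]))
    return all(goal in reachable(net, m)
               for m in reachable(net, scaled(k, net["I"])).values())

def sub_sound_violation(net, kmax):
    """Search k <= kmax for a counterexample to Definition 9.
    Returns (k, k', m') or None if none exists up to kmax."""
    for k in range(1, kmax + 1):
        for m in reachable(net, scaled(k, net["I"])).values():
            for kp in range(k + 1):
                if any(m[o] < kp for o in net["O"]):
                    continue                  # m is not of the form m' + k'.O
                rest = m - scaled(kp, net["O"])   # m' after removing k' tokens
                goal = key(scaled(k - kp, net["O"]))
                if goal not in reachable(net, rest):
                    return (k, kp, dict(rest))
    return None

# Constructed pWF nets: transition name -> (preset, postset).
# LOOP_OUT: A moves a token from a to b and c; B needs b and c and returns c,
# so the output place c has an outgoing edge.
LOOP_OUT = {"I": {"a"}, "O": {"c"},
            "T": {"A": ({"a"}, {"b", "c"}), "B": ({"b", "c"}, {"c"})}}
# SEQ: a single transition from the input place to the output place.
SEQ = {"I": {"a"}, "O": {"c"}, "T": {"A": ({"a"}, {"c"})}}
```

`LOOP_OUT` passes `k_sound` for every tested `k`, yet `sub_sound_violation` finds the marking with one token in `b` and one in `c`: once the token in `c` is removed, the remaining token in `b` is stuck.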

We claim this is in some sense a necessary condition to construct 1-sound nets by substitution of nodes in 1-sound nets. In particular it can be shown that there is no weaker condition that is preserved by substitution and implies 1-soundness.

Theorem 5. There is no property of pWF nets that (1) is
strictly weaker than substitution soundness, i.e., it is
implied by substitution soundness but not vice versa, (2)
implies 1-soundness and (3) is preserved by substitution.

Figure 10: Illustration of necessity of substitution soundness

Proof. Consider the class of pWF nets illustrated in
Figure 10, where a pWF net is defined for each value
of k, which we will call $M_k$. It can be easily observed
that these nets are 1-sound, and in fact are substitution
sound. Now consider a pWF net N that is not substitution
sound such that if we let it start with k tokens
in the input places and during its run remove $k' < k$
tokens from the output places then it cannot reach the
final marking. If we substitute N in for place d, i.e.,
we consider $M_k \otimes_d N$, then we obtain a net that is not
1-sound. To see this consider the following. We can let
$M_k$ start with one token in a and run until there are k
tokens in the input places of N. Then we can run N until
there are $k'$ tokens in its output places. These tokens
can then be removed by firing k times E. Since after
this N cannot reach a final state with $k - k'$ in its output
places, it follows that the net $M_k \otimes_d N$ cannot reach its
final state.

The theorem now follows from the previous by the
following reductio ad absurdum. Assume some property
that satisfies (1), (2) and (3) at the same time. Observe
that $M_k$ will satisfy this property since this property
is weaker than substitution soundness. Also observe
that there has to be a pWF net N that satisfies this
property but is not substitution sound. By (3) it then
follows that $M_k \otimes_d N$ also has the property and therefore by
(2) that it is 1-sound. This, however, contradicts what
we observed previously, namely that the result is not
1-sound.



Observe that the previous theorem does not establish
that substitution soundness is necessary in the sense
that every property that satisfies the three conditions is
stronger than substitution soundness. This is however
the case if we add the requirement that the property
must hold for the nets in Figure 10, i.e., these nets
should be in the class of nets that we intend to generate
by substitution, which seems a reasonable requirement.

Now we prove that sub-soundness is sufficient for
constructing *-sound nets by substitution. First, note
that the case where $k' = 0$ describes *-soundness and so
sub-soundness implies *-soundness. Furthermore, on
many classes of nets the two notions of soundness coincide,
as is shown by the following two lemmas.

Lemma 6. For every pWF net N such that all output
places have no outgoing edges it holds that N is *-sound
iff N is sub-sound.

Proof. As already argued it holds that sub-soundness
implies *-soundness, so the converse remains to be
shown. Let $N = (P, T, F, I, O)$. Assume that
$k.I \xrightarrow{*} (m + k'.O)$ for some $k'$ such that $k \ge k' \ge 0$.
By *-soundness it holds for some $\sigma$ that
$(m + k'.O) \xrightarrow{\sigma} k.O$.
However, since the places in O have no outgoing edges
none of the transitions in $\sigma$ consumes any of their tokens
and so $m \xrightarrow{\sigma} (k - k').O$.

Note that the restriction mentioned in Lemma 6 is included
in the classical definition of WF net by van der
Aalst [2]. However, with this restriction we would not
be able to generate all AND-OR nets, not even all those
that satisfy this restriction. In particular we would not
be able to do arbitrary loop additions. As an example
consider Figure 9(b) where we would not be able to add
a loop to place b. Note that a similar restriction is not
necessary for tWF nets because for them the soundness
properties are defined by place completion. Recall also
that for tOR nets the output transitions cannot have outgoing
edges by definition and for one-input one-output
tAND nets this follows from the facts that AND nets are
acyclic and that in a tWF net it is possible to reach one
of the output transitions from every place and transition.

Lemma 7. For every tWF net N it holds that N is *-sound
iff N is sub-sound.

Proof. As already argued, it is enough to show that
*-soundness implies sub-soundness. A tWF net N is by
definition sub-sound iff pc(N) is sub-sound. Since in
pc(N) the output place has no outgoing edges it follows
from Lemma 6 that pc(N) is sub-sound iff it is *-sound.
Finally, by definition it holds that pc(N) is *-sound iff
N is *-sound.

We now proceed with showing that sub-soundness
is sufficient for constructing *-sound nets by substitution.
In Theorems 8 and 10 we show that sub-soundness
is preserved while substituting places in pWF nets and
tWF nets respectively, while in Theorems 14 and 15 we
show that it is also preserved while substituting transitions
in pWF nets and tWF nets respectively.
Theorem 8. If a pWF net $N = (P_N, T_N, F_N, I_N, O_N)$ and
a disjoint pWF net $M = (P_M, T_M, F_M, I_M, O_M)$ are sub-sound,
then for any $p \in P_N$ the net $N \otimes_p M$ is also
sub-sound.



Proof. Let $N_{NM} = N \otimes_p M = (P_{NM}, T_{NM}, F_{NM}, I_{NM}, O_{NM})$.
We define $S(M,k)$ as the set of markings $m^k_M$ of M that
represent the fact that there are still k "threads" active
in M after possibly having started with more threads but
some of them ended by the removal of tokens from $O_M$,
i.e., for some $k' \ge k$ it holds that
$k'.I_M \xrightarrow{*}_M m^k_M + (k' - k).O_M$. We
define a simulation relation $\sim \subseteq \mathcal{M}_N \times \mathcal{M}_{NM}$ such that
$m_N \sim m_{NM}$ represents the fact that $m_{NM}$ is the same as
$m_N$ except that all (say k) tokens are removed from
p and replaced by some marking from $S(M,k)$, i.e.,
$m_{NM} = m_N - [p^k] + m^k_M$ for some $m^k_M \in S(M,k)$ with
$k = m_N(p)$.

We first discuss the idea of the proof and then follow 
with the laborious details. 

It can be shown that $\sim$ indeed defines a kind of
bisimilarity, i.e., (see Figure 11) it holds that (1*) if
$m_N \xrightarrow{\sigma}_N m'_N$ and $m_N \sim m_{NM}$, then there is a
marking $m'_{NM} \in \mathcal{M}_{NM}$ such that
$m_{NM} \xrightarrow{*}_{NM} m'_{NM}$ and $m'_N \sim m'_{NM}$, and (2*) if
$m_{NM} \xrightarrow{\sigma}_{NM} m'_{NM}$ and $m_N \sim m_{NM}$, then
there is a marking $m'_N \in \mathcal{M}_N$ such that
$m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_{NM}$. This can be shown with
induction on the length of $\sigma$ where for each transition t in
$\sigma$ we distinguish for (1*) the cases where $p \in \bullet_N t$ or not and
$p \in t \bullet_N$ or not, and for (2*) we distinguish the cases
where t is a transition in N or M.

We then can show the sub-soundness of $N \otimes_p M$ using
(1*) and (2*). The idea of this part is as follows. Assume
that $k.I_{NM} \xrightarrow{*}_{NM} (m_{NM} + k'.O_{NM})$ with $k \ge k' \ge 0$.
By (2*) and the fact that $k.I_N \sim k.I_{NM}$ it then follows
that $k.I_N \xrightarrow{*}_N m_N$ such that $m_N \sim (m_{NM} + k'.O_{NM})$. We
can show that we can assume that $m_N = m'_N + k'.O_N$ with
$m'_N$ a marking of N. By the sub-soundness of N it holds
that $m'_N \xrightarrow{*}_N (k - k').O_N$. We can show that
$m'_N \sim m_{NM}$ and so from (1*) it then follows that
$m_{NM} \xrightarrow{*}_{NM} m'_{NM}$ such that $(k - k').O_N \sim m'_{NM}$.
Although similar to $(k - k').O_N$, the $m'_{NM}$ does not have to
be the final marking $(k - k').O_{NM}$, yet by using
sub-soundness of M it can be shown that
$m'_{NM} \xrightarrow{*}_{NM} (k - k').O_{NM}$.

We proceed with the proof of (1*) and (2*). We
first show that (0) if $m_N \sim m_{NM}$, $m_N \xrightarrow{t}_N m'_N$ and
$m_{NM} \xrightarrow{t}_{NM} m'_{NM}$, then $m'_N \sim m'_{NM}$. We then use (0) to
show (1) if $m_N \sim m_{NM}$ and $m_N \xrightarrow{t}_N m'_N$, then there is
a marking $m'_{NM}$ such that $m_{NM} \xrightarrow{*}_{NM} m'_{NM}$ and
$m'_N \sim m'_{NM}$, and (2) if $m_N \sim m_{NM}$ and
$m_{NM} \xrightarrow{t}_{NM} m'_{NM}$, then there is a marking $m'_N$ such that
$m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_{NM}$. Then with induction we
generalize (1) and (2) to (1*) and (2*), respectively.

We show (0) as follows. Assume that $m_N \xrightarrow{t}_N m'_N$
and $m_{NM} \xrightarrow{t}_{NM} m'_{NM}$. We also assume $m_N \sim m_{NM}$,
which by definition gives $m_{NM} = m_N - [p^k] + m^k_M$ for
some $m^k_M \in S(M,k)$ with $k = m_N(p)$. After firing t in
$m_{NM}$ we get $m'_{NM} = (m_N - [p^k] + m^k_M - \bullet_{NM} t + t \bullet_{NM})$.
We consider the four cases for whether $p \in \bullet_N t$ or not,
and $p \in t \bullet_N$ or not:

(i) Assume $p \notin \bullet_N t$ and $p \notin t \bullet_N$. In that case
$\bullet_{NM} t = \bullet_N t$ and $t \bullet_{NM} = t \bullet_N$ and therefore
$m'_{NM} = (m_N - \bullet_N t + t \bullet_N - [p^k] + m^k_M)$ and since
$m_N \xrightarrow{t}_N m'_N$ it follows that
$m'_{NM} = (m'_N - [p^k] + m^k_M)$. Now, it remains to be shown
that $m'_N(p) = k$ which follows from $m_N(p) = k$ and
$p \notin \bullet_N t$ and $p \notin t \bullet_N$. This concludes that $m'_N \sim m'_{NM}$.

(ii) Assume $p \in \bullet_N t$ and $p \notin t \bullet_N$. In that case
$t \bullet_{NM} = t \bullet_N$ and from the construction of the substitution
it follows that $\bullet_{NM} t = \bullet_N t - [p] + O_M$ and therefore
$m'_{NM} = (m_N - \bullet_N t + t \bullet_N - [p^{(k-1)}] + m^k_M - O_M)$ and since
$m_N \xrightarrow{t}_N m'_N$ it follows that
$m'_{NM} = (m'_N - [p^{(k-1)}] + m^k_M - O_M)$. Then, it holds that
(a) $m'_N(p) = k - 1$ because $m_N(p) = k$ and $p \in \bullet_N t$ and
$p \notin t \bullet_N$, and (b) $m^k_M - O_M \in S(M, k - 1)$ since
$m^k_M \in S(M,k)$. Observe that $m^k_M - O_M$ is a valid state, i.e.,
there is a non-negative number of tokens in each place, because
we assumed t is enabled in $m_{NM}$ as well as $p \in \bullet_N t$, and the
$m^k_M$ component of $m_{NM}$ covers tokens in places from $P_M$. From (a)
and (b) it follows that $m'_N \sim m'_{NM}$.

(iii) Assume $p \notin \bullet_N t$ and $p \in t \bullet_N$. In that case
$\bullet_{NM} t = \bullet_N t$ and from the construction of the substitution
$t \bullet_{NM} = t \bullet_N - [p] + I_M$ and therefore
$m'_{NM} = (m_N - \bullet_N t + t \bullet_N - [p^{(k+1)}] + m^k_M + I_M)$ and since
$m_N \xrightarrow{t}_N m'_N$ it follows that
$m'_{NM} = (m'_N - [p^{(k+1)}] + m^k_M + I_M)$. Then, it holds
that (a) $m'_N(p) = k + 1$ because $m_N(p) = k$ and $p \notin \bullet_N t$
and $p \in t \bullet_N$, and (b) $m^k_M + I_M \in S(M, k + 1)$ since
$m^k_M \in S(M,k)$. From (a) and (b) it follows that $m'_N \sim m'_{NM}$.

(iv) Assume $p \in \bullet_N t$ and $p \in t \bullet_N$. In that case
$\bullet_{NM} t = \bullet_N t - [p] + O_M$ and $t \bullet_{NM} = t \bullet_N - [p] + I_M$
and therefore
$m'_{NM} = (m_N - \bullet_N t + t \bullet_N - [p^k] + m^k_M - O_M + I_M)$ and
since $m_N \xrightarrow{t}_N m'_N$ it follows that
$m'_{NM} = (m'_N - [p^k] + m^k_M - O_M + I_M)$. Then, it holds that
(a) $m'_N(p) = k$ because $m_N(p) = k$ and $p \in \bullet_N t$ and
$p \in t \bullet_N$, and (b) $m^k_M - O_M + I_M \in S(M,k)$ since
$m^k_M \in S(M,k)$. Observe that $m^k_M - O_M + I_M$ is a valid state for
the same reasons as in (ii). From (a) and (b) it follows that
$m'_N \sim m'_{NM}$.

We have now covered all possible cases and in each
of them concluded that $m'_N \sim m'_{NM}$, which finishes the
proof of (0).

Figure 11: $\sim$ indeed defines a kind of bisimilarity (panels (1*) and (2*))

We show (1) as follows. Assume that $m_N \xrightarrow{t}_N m'_N$,
which by definition gives $\bullet_N t \le m_N$. We also assume
$m_N \sim m_{NM}$, which by definition gives
$m_{NM} = m_N - [p^k] + m^k_M$ for some $m^k_M \in S(M,k)$ with $k = m_N(p)$.
Since $m^k_M \in S(M,k)$ and M is sub-sound, it holds that
$m^k_M \xrightarrow{*}_M k.O_M$, and since M is embedded in NM, it
follows that $m_{NM} \xrightarrow{*}_{NM} m_N - [p^k] + k.O_M$. Note also
that $m_N \sim m_N - [p^k] + k.O_M$, because by definition
$k.O_M \in S(M,k)$. Now we observe that since t is a transition
in N, if t is enabled in $m_N$ for N, by construction
of NM it is also enabled in $m_N - [p^k] + k.O_M$ for NM
regardless of whether $p \in \bullet_N t$. It follows that there is a marking
$m'_{NM}$ such that $m_N - [p^k] + k.O_M \xrightarrow{t}_{NM} m'_{NM}$, thus
$m_{NM} \xrightarrow{*}_{NM} m'_{NM}$. By (0) it follows that $m'_N \sim m'_{NM}$,
which concludes the proof of (1).

We show (2) as follows. Assume that
$m_{NM} \xrightarrow{t}_{NM} m'_{NM}$. We also assume $m_N \sim m_{NM}$, which by definition
gives $m_{NM} = m_N - [p^k] + m^k_M$ for some $m^k_M \in S(M,k)$
with $k = m_N(p)$. We consider the two possible cases: t
is a transition in N, and t is a transition in M.

(i) Assume that t is a transition in N. Since t was
enabled in $m_{NM}$ for NM, i.e., $\bullet_{NM} t \le m_{NM}$, it will
also be enabled in $m_N$ for N, i.e., $\bullet_N t \le m_N$. This
can be shown as follows. Suppose $p \notin \bullet_N t$, then
$\bullet_{NM} t = \bullet_N t$. Since $m^k_M$ contains only places in M it
follows from $\bullet_{NM} t \le m_{NM} = m_N - [p^k] + m^k_M$ that
$\bullet_N t = \bullet_{NM} t \le m_N$. Suppose on the other hand that
$p \in \bullet_N t$, then $\bullet_{NM} t = \bullet_N t - [p] + O_M$ and we get
$\bullet_N t - [p] + O_M \le m_N - [p^k] + m^k_M$. Both sides of this
inequality can be limited to N by omitting components
not from $P_N$, giving $\bullet_N t - [p] \le m_N - [p^k]$. Since in
this case $k \ge 1$ we get $\bullet_N t \le m_N$. Now, since t is enabled
in $m_N$ for N there will be a marking $m'_N$ such that
$m_N \xrightarrow{t}_N m'_N$ and it follows by (0) that $m'_N \sim m'_{NM}$.

(ii) Assume that t is a transition in M. In this case
the marking we are looking for is $m_N$ itself. Since $\bullet_{NM} t$
are all places in M, it follows that t is enabled in $m^k_M$
for M. So there is $m'_M$ such that $m^k_M \xrightarrow{t}_M m'_M$ and
because $t \bullet_{NM}$ are also all places in M, we have
$m'_M = m^k_M - \bullet_M t + t \bullet_M$. Now from our assumptions it follows
that $m'_{NM} = m_{NM} - \bullet_M t + t \bullet_M = m_N - [p^k] + m^k_M - \bullet_M t + t \bullet_M = m_N - [p^k] + m'_M$.
Since $m^k_M \in S(M,k)$ and $m^k_M \xrightarrow{t}_M m'_M$, then it also
holds that $m'_M \in S(M,k)$. From the assumption that
$k = m_N(p)$, it follows that $m_N \sim m'_{NM}$, and obviously it also
holds that $m_N \xrightarrow{*}_N m_N$.

Since in both possible cases it follows that there is a
marking $m'_N$ such that $m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_{NM}$, we
can conclude that this always follows, which concludes
the proof of (2).

We can generalize (1) and (2) by using induction
on the length of $\sigma$ as follows: (1*) if $m_N \xrightarrow{\sigma}_N m'_N$
and $m_N \sim m_{NM}$ then there is a marking $m'_{NM}$ such
that $m_{NM} \xrightarrow{*}_{NM} m'_{NM}$ and $m'_N \sim m'_{NM}$ and (2*) if
$m_{NM} \xrightarrow{\sigma}_{NM} m'_{NM}$ and $m_N \sim m_{NM}$, then there is a marking
$m'_N$ such that $m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_{NM}$.

We proceed with the proof of the final part, i.e., prove
the sub-soundness of $N \otimes_p M$ using (1*) and (2*). The
full structure of the reasoning is presented in Figure 12.
Assume that $k.I_{NM} \xrightarrow{*}_{NM} (m_{NM} + k'.O_{NM})$ with
$k \ge k' \ge 0$. Since $I_{NM} = I_N$ if $p \notin I_N$ and
$I_{NM} = I_N - [p] + I_M$ if $p \in I_N$, it holds that $k.I_N \sim k.I_{NM}$. By (2*) it
then follows that $k.I_N \xrightarrow{*}_N m_N$ such that
$m_N \sim (m_{NM} + k'.O_{NM})$.

We now construct $m'_N = m_N - k'.O_N$ and show that
$m'_N \sim m_{NM}$ regardless of $p \notin O_N$ or $p \in O_N$. We start
with showing the fact that $m'_N$ is a valid state, i.e., $m_N$
includes the tokens we are subtracting from it. Since
$m_N \sim (m_{NM} + k'.O_{NM})$, for $k'' = m_N(p)$ there is
$m^{k''}_M \in S(M,k'')$ such that $m_{NM} + k'.O_{NM} = m_N - [p^{k''}] + m^{k''}_M$.
This gives $m_N = m_{NM} + k'.O_{NM} + [p^{k''}] - m^{k''}_M$. Let
us consider two cases. For $p \notin O_N$, in which case
$O_{NM} = O_N$, this gives $m_N = m_{NM} + k'.O_N + [p^{k''}] - m^{k''}_M$.
It remains to observe that subtracting the $m^{k''}_M$ component
does not remove any tokens from $O_N$ because from
disjointness of N and M we have $O_N \cap P_M = \emptyset$. For
$p \in O_N$, in which case $O_{NM} = O_N - [p] + O_M$, we
get $m_N = m_{NM} + k'.O_N + [p^{k''}] - [p^{k'}] + k'.O_M - m^{k''}_M$.
Both sides of the equality have to include the same number
of tokens in p. Since $m_{NM}$ marks only places from
$P_{NM} = (P_N \setminus \{p\}) \cup P_M$ and $k'.O_M - m^{k''}_M$ only places
from $P_M$ (and $p \notin P_M$), all the tokens in p are given by
$k'.O_N + [p^{k''}] - [p^{k'}]$. It remains to show that $k'' \ge k'$.



Figure 12: Structure of the proof of Theorem [4]



This follows from further examination of the equality
$m_N = m_{NM} + k'.O_N + [p^{k''}] - [p^{k'}] + k'.O_M - m^{k''}_M$. This
time we look at the number of tokens in $O_M$. On the
left-hand side there are clearly none. On the right-hand
side there are $k'$ introduced by $k'.O_M$, and the only negative
component $m^{k''}_M$ subtracts no more than $k''$ of such
tokens.

Now we continue with showing that $m'_N \sim m_{NM}$. This
time from $m_{NM} + k'.O_{NM} = m_N - [p^{k''}] + m^{k''}_M$ we conclude
$m_{NM} = m_N - [p^{k''}] + m^{k''}_M - k'.O_{NM}$ and again consider the
two cases for $p \notin O_N$ or $p \in O_N$. If $p \notin O_N$, then
$O_{NM} = O_N$ and so
$m_{NM} = m_N - k'.O_N - [p^{k''}] + m^{k''}_M = m'_N - [p^{k''}] + m^{k''}_M$
and $m'_N(p) = m_N(p) - k'.O_N(p) = k'' - 0 = k''$
and so $m'_N \sim m_{NM}$. If $p \in O_N$, then $O_{NM} = O_N - [p] + O_M$
and so
$m_{NM} = m_N - [p^{k''}] + m^{k''}_M - k'.O_N + [p^{k'}] - k'.O_M = m_N - k'.O_N - [p^{k''-k'}] + m^{k''}_M - k'.O_M = m'_N - [p^{k''-k'}] + m^{k''}_M - k'.O_M$,
so also then we can conclude that $m'_N \sim m_{NM}$ because
$m^{k''}_M - k'.O_M \in S(M, k'' - k')$ and
$k'' - k' = (m_N - k'.O_N)(p) = m'_N(p)$.

By the sub-soundness of N it then holds that
$m'_N \xrightarrow{*}_N (k - k').O_N$. From (1*) it follows that
$m_{NM} \xrightarrow{*}_{NM} m'_{NM}$ such that $(k - k').O_N \sim m'_{NM}$, that is
$m'_{NM} = (k - k').O_N - [p^x] + m^x_M$ with $m^x_M \in S(M,x)$ and
$x = (k - k').O_N(p)$. If $p \notin O_N$, then $x = 0$ and $O_N = O_{NM}$,
and therefore $m'_{NM} = (k - k').O_{NM}$. If $p \in O_N$, then
$x = k - k'$ and therefore
$m'_{NM} = (k - k').O_N - [p^{k-k'}] + m^{k-k'}_M$. Because
M is sub-sound, it holds that $m^{k-k'}_M \xrightarrow{*}_M (k - k').O_M$,
and since M is embedded in NM and in this case
$O_{NM} = O_N - [p] + O_M$, it follows that
$m'_{NM} \xrightarrow{*}_{NM} (k - k').O_N - [p^{k-k'}] + (k - k').O_M = (k - k').O_{NM}$.
This way we have shown that in all cases
$m_{NM} \xrightarrow{*}_{NM} m'_{NM} \xrightarrow{*}_{NM} (k - k').O_{NM}$
which concludes the proof.

We now proceed with the case for place substitution 
in tWF nets. For that we will use the following lemma. 

Lemma 9. For every tWF net N with a place p and a
disjoint pWF net M it holds that
$\mathrm{pc}(N \otimes_p M) = \mathrm{pc}(N) \otimes_p M$.

Proof. Let $N = (P_N, T_N, F_N, I_N, O_N)$ with $p \in P_N$ and
$M = (P_M, T_M, F_M, I_M, O_M)$. In both cases the same
nodes are added, viz., those of M and $p_i$ and $p_o$, see
Figure 13. Clearly the edges $F_M$ are added in the same way.
Also in both cases afterwards $p_i \bullet = I_N$ and $\bullet p_o = O_N$
because N is a tWF net and $p \notin I_N$ and $p \notin O_N$. For
nodes $p' \in I_M$ it holds in both cases that afterwards
$\bullet p' = \bullet_N p$ if $p \notin I_N$ and $\bullet p' = \{p_i\}$ if otherwise.
Similarly for nodes $p' \in O_M$ afterwards $p' \bullet = p \bullet_N$ if $p \notin O_N$
and $p' \bullet = \{p_o\}$. Finally, in both cases the final input set
is $\{p_i\}$ and the final output set is $\{p_o\}$.

Theorem 10. If a tWF net N is sub-sound and a disjoint
pWF net M is sub-sound and p is a place in N then
$N \otimes_p M$ is sub-sound.

Proof. Assume that a tWF net N is sub-sound and
a pWF net M is sub-sound. By definition of sub-soundness
for tWF nets it follows that pc(N) is sub-sound.
By Theorem 8 it follows that $\mathrm{pc}(N) \otimes_p M$ is
sub-sound. By Lemma 9 it then holds that $\mathrm{pc}(N \otimes_p M)$
is sub-sound. Finally, by definition of sub-soundness for
tWF nets, it follows that $N \otimes_p M$ is sub-sound.
Figure 13: Place completion is semi-distributive in respect to place substitution

Figure 15: Sequential transition substitution

Figure 14: Transforming transition substitution to place substitution

We now proceed with showing that also transition
substitution preserves sub-soundness. The proof strategy
will be to show that this substitution is equivalent to
a sequence of transformations with a place substitution
as is illustrated in Figure 14. The top net is the original
net N with transition $t^*$ that is to be replaced with net
M, the result of which, i.e., $N \otimes_{t^*} M$, is shown in the
bottom. The sequence of transformations with a place
substitution is shown in between. In the second row we
see $N \otimes_{t^*} \mathrm{tc}(N^*)$ where $N^*$ is a tWF consisting of
transition completion of a single place $p^*$. As we show in
Lemma 11 if N is sub-sound, then $N \otimes_{t^*} \mathrm{tc}(N^*)$ also is
sub-sound. Next, we see the result of substituting the
place $p^*$ in $N \otimes_{t^*} \mathrm{tc}(N^*)$ with the pWF net pc(M).
Finally, the input and output nodes introduced by the
transition and place completions are removed, which also
preserves sub-soundness as follows from Lemma 12 and
Lemma 13.

We begin with the lemma that shows that, see Figure 15,
if N is sub-sound, then $N \otimes_{t^*} \mathrm{tc}(N^*)$ also is
sub-sound.

Lemma 11. If N is a pWF net with a transition $t^*$ and
$N^*$ a pWF net that consists of only a single place $p^*$,
then $N \otimes_{t^*} \mathrm{tc}(N^*)$ is sub-sound if N is sub-sound.



Proof. Let $M = N \otimes_{t^*} \mathrm{tc}(N^*)$. We define a relation
$\sim \subseteq \mathcal{M}_N \times \mathcal{M}_M$ such that $m_N \sim m_M$ represents the fact that
$m_N$ is the same as $m_M$ except that all (say k) tokens are
removed from $p^*$ and k tokens are added to each of $t_o \bullet_M$,
or in other words, $t_o$ is fired k times, where $t_o$ is the
output transition added in $\mathrm{tc}(N^*)$. More formally:
$m_N \sim m_M$ iff $m_N = m_M - [p^{*k}] + k.(t_o \bullet_M)$ where $k = m_M(p^*)$.
It can then be shown that $\sim$ indeed defines a kind of
bisimilarity, i.e., it holds that (A*) if $m_N \xrightarrow{\sigma}_N m'_N$ and
$m_N \sim m_M$, then $m_M \xrightarrow{*}_M m'_N$, and (B*) if
$m \xrightarrow{\sigma}_M m_M$, then there is a marking $m_N$ such that
$m \xrightarrow{*}_N m_N$ and $m_N \sim m_M$. Informally this can be shown with
induction on the length of $\sigma$. For each transition s in $\sigma$ we then
distinguish for (A*) the cases where $s = t^*$ or not. Likewise
for (B*) we distinguish the cases where $s = t_i$ or s
is a transition in M not equal to $t_i$, nor $t_o$ (we will argue
that with these assumptions $s \ne t_o$).

We now show by using (A*) and (B*) that M is sub-sound
if N is sub-sound. Note that, by construction of
M, N and M have the same input set I and output set O.
Assume that N is sub-sound and that
$k.I \xrightarrow{*}_M (m_M + k'.O)$. By (B*) it follows that
$k.I \xrightarrow{*}_N m_N$ such that $m_N \sim (m_M + k'.O)$, that is
$m_N = m_M + k'.O - [p^{*k''}] + k''.(t_o \bullet_M)$ where
$k'' = (m_M + k'.O)(p^*)$. Since $p^* \notin O$
we can assume that $k'' = m_M(p^*)$ and that
$m_N = (m_M - [p^{*k''}] + k''.(t_o \bullet_M)) + k'.O$, i.e., $k'.O \le m_N$ and get
$(m_N - k'.O) \sim m_M$. From the sub-soundness of N it follows
that $(m_N - k'.O) \xrightarrow{*}_N (k - k').O$. Finally, by (A*) it
follows that $m_M \xrightarrow{*}_M (k - k').O$ which completes the
proof of sub-soundness of M.

We will now formally show the missing (A*) and
(B*). We start with the following facts:

(A) If $m_N \xrightarrow{t}_N m'_N$ and $m_N \sim m_M$, then
$m_M \xrightarrow{*}_M m'_N$. Proof: If $m_M(p^*) = k$, then we can fire k times $t_o$
and so $m_M \xrightarrow{*}_M m'_M = m_M - [p^{*k}] + k.(t_o \bullet_M)$. Since
$m_N \sim m_M$ we also have that $m_N = m_M - [p^{*k}] + k.(t_o \bullet_M)$
and so $m'_M = m_N$, i.e., $m_M \xrightarrow{*}_M m_N$. Either (i) $t \ne t^*$
or (ii) $t = t^*$. If (i), then by construction of M we have
$\bullet_N t = \bullet_M t$ and $t \bullet_N = t \bullet_M$ and so from
$m_N \xrightarrow{t}_N m'_N$ it follows $m_N \xrightarrow{t}_M m'_N$. Thus we have shown that
$m_M \xrightarrow{*}_M m_N \xrightarrow{t}_M m'_N$. If (ii), then by construction
of M we have $\bullet_N t = \bullet_M t_i$, and $t \bullet_N = t_o \bullet_M$ and
so from $m_N \xrightarrow{t}_N m'_N$ and the fact that $t_i \bullet_M = \bullet_M t_o$
it follows $m_N \xrightarrow{t_i, t_o}_M m'_N$. Thus we have shown that
$m_M \xrightarrow{*}_M m_N \xrightarrow{t_i, t_o}_M m'_N$.

(B) If $m \xrightarrow{t}_M m_M$, then there is an $m_N$ such that
$m \xrightarrow{*}_N m_N$ and $m_N \sim m_M$. Proof: Because we
assumed that m is also a marking of N it holds that
$m(p^*) = 0$, so either (i) $t \notin \{t_i, t_o\}$ or (ii) $t = t_i$. If
(i), then by construction of M we have $\bullet_N t = \bullet_M t$
and $t \bullet_N = t \bullet_M$ and so from $m \xrightarrow{t}_M m_M$ it follows
$m \xrightarrow{t}_N m_M$. Of course $m_M \sim m_M$. If (ii), then by
construction of M we have $\bullet_N t^* = \bullet_M t_i$ and so from
$m \xrightarrow{t_i}_M m_M$ it follows $m \xrightarrow{t^*}_N m_N$ for some $m_N$. We
have $m_N = m - \bullet_N t^* + t^* \bullet_N = m - \bullet_M t_i + t_o \bullet_M$. On
the other hand $m_M = m - \bullet_M t_i + t_i \bullet_M = m - \bullet_M t_i + p^*$.
By combining these two we get $m_N = m_M - p^* + t_o \bullet_M$
and because $m(p^*) = 0$ we have $m_M(p^*) = 1$, so by
definition $m_N \sim m_M$.

Figure 16: Transition-place pair removal

The facts (A) and (B) can be generalized by induction
on the length of $\sigma$ as follows: (A*) if $m_N \xrightarrow{\sigma}_N m'_N$ and
$m_N \sim m_M$, then $m_M \xrightarrow{*}_M m'_N$, and (B*) if $m \xrightarrow{\sigma}_M m_M$,
then there is a marking $m_N$ such that $m \xrightarrow{*}_N m_N$ and
$m_N \sim m_M$.

We now proceed with lemmas that show that the removal
of $t_i$ and $p_i$ as well as $p_o$ and $t_o$ preserves
sub-soundness. These results are similar to those of the
abstraction rule of [6].

Lemma 12. Let N be a pWF net with transition $t^*$ and
place $p^*$ such that $t^* \bullet_N = p^*$, $\bullet_N p^* = t^*$ and $p^*$ is not an
input nor output place and there are no edges between
$\bullet_N t^*$ and $p^* \bullet_N$. Furthermore, let M be the pWF net that
is obtained from N if we remove $t^*$ and $p^*$ and add all
the edges in $\bullet_N t^* \times p^* \bullet_N$ as illustrated in Figure 16. Then
M is sub-sound if N is sub-sound.

Proof. We define a similarity relation $\sim \subseteq \mathcal{M}_N \times \mathcal{M}_M$
such that $m_N \sim m_M$ represents the fact that $m_M$ is the
same as $m_N$ except that all (say k) tokens are removed
from $p^*$ and k tokens are added to each of $\bullet_N t^*$, or in other
words, $t^*$ is fired k times in reverse. More formally:
$m_N \sim m_M$ holds iff $m_M = m_N - [p^{*k}] + k.(\bullet_N t^*)$ where
$k = m_N(p^*)$.

It can then be shown that $\sim$ indeed defines a kind
of bisimilarity, i.e., it holds that (D*) if $m_N \xrightarrow{\sigma}_N m'_N$
and $m_N \sim m_M$, then there is a marking $m'_M$ such that
$m_M \xrightarrow{*}_M m'_M$ and $m'_N \sim m'_M$, (E*) if $m_M \xrightarrow{\sigma}_M m'_M$
and $m_N \sim m_M$, then there is a marking $m'_N$ such that
$m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_M$, and (F*) if $m \xrightarrow{*}_M m_M$,
$m \xrightarrow{\sigma}_N m_N$, $m_N \sim m_M$ and $m_N(p^*) > 0$ then from $\sigma$
we can construct $\sigma'$ by removing the last $m_N(p^*)$ occurrences
of $t^*$ and get $m \xrightarrow{\sigma'}_N m'_N$, $m'_N \sim m_M$ and
$m'_N(p^*) = 0$. Informally this can be shown with induction
on the length of $\sigma$ where for each transition t in $\sigma$
we distinguish for (D*) the cases where $t = t^*$ and if not
then $p^* \in \bullet_N t$ or not. Likewise, for (E*) we distinguish
the cases where $p^* \in \bullet_N t$ or not. Finally, for (F*) we
observe that all $m_N(p^*)$ tokens in $p^*$ had to be placed there
by $t^*$ during $\sigma$ and that the last of those tokens is not
needed by the following transitions of $\sigma$.

Now, using (D*), (E*) and (F*), we show that M is
sub-sound if N is sub-sound. Note that, by construction,
N and M have the same input set I and output set O, and
that $O(p^*) = 0$.

Assume that $k.I \xrightarrow{*}_M (m_M + k'.O)$. By (E*) it follows
that $k.I \xrightarrow{*}_N m_N$ such that $m_N \sim (m_M + k'.O)$. By (F*)
$k.I \xrightarrow{*}_N m'_N$ where $m'_N(p^*) = 0$ and $m'_N \sim (m_M + k'.O)$.
By definition of $\sim$ the last two give $m'_N = (m_M + k'.O)$,
i.e., $k.I \xrightarrow{*}_N (m_M + k'.O)$. Now by sub-soundness of N
it follows that $m_M \xrightarrow{*}_N (k - k').O$. By (D*)
$m_M \xrightarrow{*}_M m'_M$ and $(k - k').O \sim m'_M$. Since
$(k - k').O(p^*) = 0$ we get $m'_M = (k - k').O$.

We now will formally show the missing (D*), (E*)
and (F*). We start with the following facts:

(A) If $m_N \sim m_M$ and t such that $t \ne t^*$ and $\bullet_N t \le m_N$
then $\bullet_M t \le m_M$. Proof: Assume that $m_N \sim m_M$,
$t \ne t^*$ and $\bullet_N t \le m_N$. From $m_N \sim m_M$ it follows that
$m_M = m_N - [p^{*k}] + k.(\bullet_N t^*)$ where $k = m_N(p^*)$. Consider
the case where $p^* \in \bullet_N t$. Then
$\bullet_M t = \bullet_N t - [p^*] + \bullet_N t^* \le m_N - [p^{*k}] + k.\bullet_N t^* = m_M$
where the first equality
follows from the definition of M and the inequality from
the observation that in this case $k \ge 1$. Consider the
other case where $p^* \notin \bullet_N t$. Here from $\bullet_N t \le m_N$ it
follows that $\bullet_N t \le m_N - [p^{*k}] + k.\bullet_N t^*$ and we get
$\bullet_M t = \bullet_N t \le m_N - [p^{*k}] + k.\bullet_N t^* = m_M$.

(B) If $\bullet_M t \le m$ then there is an $m_N \sim m$ such that
$m \xrightarrow{*}_N m_N$, $\bullet_N t \le m_N$. Proof: Assume that $\bullet_M t \le m$.
Consider the case where $p^* \notin \bullet_N t$. Then $\bullet_N t = \bullet_M t \le m$
and so we can take $m_N = m$. Consider the other case
where $p^* \in \bullet_N t$. By the construction $\bullet_N t^* \le \bullet_M t \le m$,
i.e., $t^*$ has to be enabled in m. Let $m_N$ be a marking such
that $m \xrightarrow{t^*}_N m_N$, that is $m_N = m - \bullet_N t^* + p^*$. Since
$\bullet_N t = \bullet_M t - \bullet_N t^* + p^*$ this implies that $\bullet_N t \le m_N$.

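(C) If $m_N \sim m_M$ and $m_N \xrightarrow{t}_N m'_N$ and $m_M \xrightarrow{t}_M m'_M$
then $m'_N \sim m'_M$. Proof: Assume that $m_N \sim m_M$ and
$m_N \xrightarrow{t}_N m'_N$ and $m_M \xrightarrow{t}_M m'_M$. Because $m_N \sim m_M$,
$m_M = m_N - [p^{*k}] + k.(\bullet_N t^*)$ where $k = m_N(p^*)$. Because
$m_N \xrightarrow{t}_N m'_N$, $m'_N = m_N - \bullet_N t + t \bullet_N$. Because
$m_M \xrightarrow{t}_M m'_M$, $m'_M = m_M - \bullet_M t + t \bullet_M$. By construction and because
$t \ne t^*$, $t \bullet_M = t \bullet_N$. Now either (i) $p^* \in \bullet_N t$ or (ii)
$p^* \notin \bullet_N t$. If (i) then $k \ge 1$ and $\bullet_M t = \bullet_N t - [p^*] + \bullet_N t^*$.
It follows that
$m'_M = (m_N - [p^{*k}] + k.(\bullet_N t^*)) - (\bullet_N t - [p^*] + \bullet_N t^*) + t \bullet_N$
$= m_N - [p^{*(k-1)}] + (k - 1).(\bullet_N t^*) - \bullet_N t + t \bullet_N$
$= m_N - \bullet_N t + t \bullet_N - [p^{*(k-1)}] + (k - 1).(\bullet_N t^*)$
$= m'_N - [p^{*(k-1)}] + (k - 1).(\bullet_N t^*)$
with $m'_N(p^*) = k - 1$ since
$p^* \in \bullet_N t$ and $p^* \notin t \bullet_N$. Thus $m'_N \sim m'_M$. Consider the
other case (ii) where $p^* \notin \bullet_N t$. Then $\bullet_M t = \bullet_N t$ and
therefore
$m'_M = (m_N - [p^{*k}] + k.(\bullet_N t^*)) - \bullet_N t + t \bullet_N$
$= m_N - \bullet_N t + t \bullet_N - [p^{*k}] + k.(\bullet_N t^*) = m'_N - [p^{*k}] + k.(\bullet_N t^*)$
with $m'_N(p^*) = k$, since $p^* \notin \bullet_N t$ and $p^* \notin t \bullet_N$. Thus
$m'_N \sim m'_M$.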

(D) If $m_N \xrightarrow{t}_N m'_N$ and $m_N \sim m_M$ then there is a
marking $m'_M$ such that $m_M \xrightarrow{*}_M m'_M$ and $m'_N \sim m'_M$.
Proof: Assume that $m_N \xrightarrow{t}_N m'_N$ and $m_N \sim m_M$. Now
either (i) $t = t^*$ or (ii) $t \ne t^*$. If (i) then $m'_N \sim m_M$ and
so we can take $m'_M = m_M$. Consider the case (ii) where
$t \ne t^*$. By (A) it then holds that t is enabled in $m_M$ for
M, and so $m_M \xrightarrow{t}_M m'_M$ for some $m'_M$. By (C) it then
follows that $m'_N \sim m'_M$.

(E) If $m \xrightarrow{t}_M m_M$ then there is a marking $m_N$ such
that $m \xrightarrow{*}_N m_N$ and $m_N \sim m_M$. Proof: Assume that
$m \xrightarrow{t}_M m_M$. By (B) there is an $m_N$ such that
$m \xrightarrow{*}_N m_N$, $\bullet_N t \le m_N$ and $m_N \sim m$. Since $\bullet_N t \le m_N$ it holds
that $m_N \xrightarrow{t}_N m'_N$ for some $m'_N$. By (C) it then follows
that $m'_N \sim m_M$.

(F) If $m \xrightarrow{*}_M m_M$, $m \xrightarrow{\sigma}_N m_N$, $m_N \sim m_M$ and
$m_N(p^*) > 0$ then from $\sigma$ we can construct $\sigma'$ by removing
the last occurrence of $t^*$ and get $m \xrightarrow{\sigma'}_N m'_N$,
$m'_N \sim m_M$ and $m'_N(p^*) = m_N(p^*) - 1$. Proof: Assume
that $m \xrightarrow{*}_M m_M$, $m \xrightarrow{\sigma}_N m_N$, $m_N \sim m_M$ and
$m_N(p^*) > 0$. Since m is a marking of both N and M, it
does not place any tokens in $p^*$ which is not present in
M. So all $m_N(p^*)$ tokens in $p^*$ had to be placed there
during $\sigma$ by firing $t^*$, which is the only transition that
can do that, and the token placed there as last is not
needed by the following transitions of $\sigma$. This is due to
the fact that we do not distinguish individual tokens of a
place and without the loss of generality we can assume
that places act as FIFO queues for tokens. Thus a valid
firing sequence $\sigma'$ can be constructed from $\sigma$ by removing
the last occurrence of $t^*$. Let $m \xrightarrow{\sigma'}_N m'_N$. By the
definition of $\sigma'$, $m'_N = m_N - p^* + \bullet_N t^*$. It follows that
$m'_N \sim m_M$ and $m'_N(p^*) = m_N(p^*) - 1$.

With induction on the length of $\sigma$ it follows that (D*)
if $m_N \xrightarrow{\sigma}_N m'_N$ and $m_N \sim m_M$ then there is a marking
$m'_M$ such that $m_M \xrightarrow{*}_M m'_M$ and $m'_N \sim m'_M$, (E*) if
$m_M \xrightarrow{\sigma}_M m'_M$ and $m_N \sim m_M$ then there is a marking
$m'_N$ such that $m_N \xrightarrow{*}_N m'_N$ and $m'_N \sim m'_M$, and (F*) if
$m \xrightarrow{*}_M m_M$, $m \xrightarrow{\sigma}_N m_N$, $m_N \sim m_M$ and $m_N(p^*) > 0$
then from $\sigma$ we can construct $\sigma'$ by removing the last
$m_N(p^*)$ occurrences of $t^*$ and get $m \xrightarrow{\sigma'}_N m'_N$, $m'_N \sim m_M$
and $m'_N(p^*) = 0$.

Figure 17: Place-transition pair removal

Lemma 13. Let N be a pWF net with place $p^*$ and transition
$t^*$ such that $p^* \bullet_N = t^*$, $\bullet_N t^* = p^*$ and $p^*$ is not an
input nor output place and there are no edges between
$\bullet_N p^*$ and $t^* \bullet_N$. Furthermore, let M be the pWF net that
is obtained from N if we remove $p^*$ and $t^*$ and add all
the edges in $\bullet_N p^* \times t^* \bullet_N$ as illustrated in Figure 17. Then
M is sub-sound if N is sub-sound.

Proof. The proof proceeds analogously to that of the
preceding Lemma 12 with the relation $\sim \subseteq \mathcal{M}_N \times \mathcal{M}_M$
redefined such that $m \sim m'$ iff $m' = m - [p^{*k}] + k.(t^* \bullet_N)$
where $k = m(p^*)$.

We are now ready to prove that sub-soundness is pre- 
served by transition substitution. 

Theorem 14. If a pWF net N is sub-sound and a disjoint
tWF net M is sub-sound and $t^*$ is a transition in N,
then $N \otimes_{t^*} M$ is sub-sound.

Proof. Let $N = (P, T, F, I, O)$ be a sub-sound pWF net
containing a transition $t^*$, and $M = (P', T', F', I', O')$ a
sub-sound tWF net. Furthermore, let $N^*$ be a pWF net
consisting of a single new place $p^* \notin P \cup P'$. We will
construct $N \otimes_{t^*} M$ by a sequence of transformations and
substitutions where the sub-soundness of the result of
each step will follow from the sub-soundness of the nets
used as components.

Consider the sequence of transformations in Figure 14.
In the top we start with N which by assumption is
sub-sound. We first substitute $t^*$ with $\mathrm{tc}(N^*)$ and get
$N \otimes_{t^*} \mathrm{tc}(N^*)$ which by Lemma 11 is sub-sound if N
is sub-sound. Then we substitute $p^*$ with pc(M) and
get $(N \otimes_{t^*} \mathrm{tc}(N^*)) \otimes_{p^*} \mathrm{pc}(M)$. Here the sub-soundness
follows from Theorem 8 and the fact that a place completion
of a sub-sound tWF net is sub-sound by definition.
Finally we remove nodes $t_i$ and $p_i$ as well as $p_o$ and $t_o$
by applying Lemmas 12 and 13 respectively. This concludes
the proof that the resulting net $N \otimes_{t^*} M$ is
sub-sound.



Theorem 15. If a tWF net $N$ is sub-sound and a disjoint tWF net $M$ is sub-sound and $t$ is a transition in $N$ then $N \otimes_t M$ is sub-sound.

Proof. Assume that $N$ is a sub-sound tWF net with a transition $t$ and $M$ a sub-sound tWF net. By Theorem 14 it follows that $pc(N) \otimes_t M$ is sub-sound. Since by Lemma 9 it holds that $pc(N \otimes_t M) = pc(N) \otimes_t M$, it follows that $pc(N \otimes_t M)$ is sub-sound. By definition of sub-soundness of tWF nets it then holds that $N \otimes_t M$ is sub-sound.

Corollary 16. If $N$ and $M$ are disjoint sub-sound WF nets and $n$ is a node in $N$ then $N \otimes_n M$ (if defined) is a sub-sound WF net.

Proof. This follows from the fact that Theorem 8, Theorem 10, Theorem 14 and Theorem 15 cover all possible combinations of $N$ and $M$ being pWF nets or tWF nets.

5. Sub-soundness of AND-OR nets 

In this section we show that all AND-OR nets are sub-sound. First we show that the AND nets and OR nets from which AND-OR nets are generated are sub-sound.

Theorem 17. Every one-input one-output pOR net is 
sub-sound. 

Proof. Since in OR nets transitions cannot have multiple input/output places it can be shown by induction on the length of $\sigma$ that (A) if $|m| = k$ and $m \xrightarrow{\sigma} m'$ then $|m'| = k$. Let $I_N = \{p_i\}$ and $O_N = \{p_o\}$. For each place $p$ in a pOR net $N$ it holds that $[p_i] \to [p]$ and $[p] \to [p_o]$ since there must be paths from $p_i$ to $p$ and from $p$ to $p_o$ and each transition in those paths has one input edge and one output edge. Thus, it also follows that (B) if $|m| = k$, then $k.[p_i] \to m$ and $m \to k.[p_o]$.

We now show the sub-soundness requirement. Assume that $k.I_N \to (m + k'.O_N)$. Since $|k.I_N| = |k.[p_i]| = k.|[p_i]| = k$ it follows by (A) that $|m + k'.O_N| = k$. Since $|m + k'.O_N| = |m| + |k'.O_N|$ and $|k.O_N| = |k.[p_o]| = k * |[p_o]| = k$ it follows that $|m| = k - k'$. By (B) it then follows that $m \to (k - k').[p_o] = (k - k').O_N$.
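The argument of Theorem 17 can be checked exhaustively for small $k$. The following Python sketch is an added example, not code from the paper: the nets `OR_NET` and `NOT_WF`, the place names and all function names are constructed for illustration, and the check is bounded by `k_max`, so it illustrates the proof rather than replacing it.

```python
from collections import Counter

# Constructed one-input one-output pOR net (not from the paper): each
# transition maps to (its single input place, its single output place).
OR_NET = {"a": ("pi", "p1"), "b": ("pi", "p2"), "c": ("p1", "po"),
          "d": ("p2", "po"), "e": ("p1", "p2"), "f": ("p2", "p1")}
# Same shape, but place "dead" has no path to "po", so it is not a workflow net.
NOT_WF = dict(OR_NET, x=("pi", "dead"))
P_IN, P_OUT = "pi", "po"

def freeze(marking):
    """Canonical hashable form of a marking (a bag of places)."""
    return tuple(sorted((p, n) for p, n in marking.items() if n > 0))

def size(marking):
    """|m|: total number of tokens in a frozen marking."""
    return sum(n for _, n in marking)

def reachable(net, start):
    """All markings reachable from `start` by firing transitions of `net`."""
    seen, todo = {start}, [start]
    while todo:
        current = Counter(dict(todo.pop()))
        for src, dst in net.values():
            if current[src] > 0:          # transition enabled
                nxt = current.copy()
                nxt[src] -= 1
                nxt[dst] += 1
                frozen = freeze(nxt)
                if frozen not in seen:
                    seen.add(frozen)
                    todo.append(frozen)
    return seen

def sub_sound_up_to(net, k_max):
    """Bounded check: whenever k.[pi] reaches m + k'.[po], m reaches (k-k').[po]."""
    for k in range(1, k_max + 1):
        for marking in reachable(net, freeze({P_IN: k})):
            if size(marking) != k:        # claim (A): token count is invariant
                return False
            for k2 in range(dict(marking).get(P_OUT, 0) + 1):
                rest = Counter(dict(marking))
                rest[P_OUT] -= k2         # split the marking as m + k'.[po]
                if freeze({P_OUT: k - k2}) not in reachable(net, freeze(rest)):
                    return False
    return True
```

`NOT_WF` keeps the one-input one-output transition shape but fails the check, which shows that the path condition used for claim (B) is needed in addition to token conservation.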

Theorem 18. Every tOR net is sub-sound. 

Proof. Consider a tOR net $N$. By the definition of *-soundness of tWF nets it holds that $N$ is *-sound if $pc(N)$ is *-sound. Observe that $pc(N)$ is a one-input one-output pAND net, because $N$ by definition does not have any incoming edges of the input places nor outgoing edges of the output places. By Theorem 17 it holds that $pc(N)$ is sub-sound and therefore *-sound. By Lemma 7 it follows that $N$ is sub-sound.

Theorem 19. Every pAND net is sub-sound.

Proof. Consider a pAND net $N$. Thanks to the limit on the number of incoming edges of the input places and outgoing edges of the output places in the definition of AND net, $tc(N)$ is a one-input one-output tAND net. Also $tc(N)$ does not have incoming edges of the input transition nor outgoing edges of the output transition. By Theorem 17 in [14] we get that $pc(tc(N))$ is *-sound which by definition proves that $tc(N)$ is *-sound. By Theorem JTJ it follows that $N$ is sub-sound and therefore *-sound. Therefore by Lemma 6 it follows that $N$ is sub-sound.

Theorem 20. Every one-input one-output tAND net is 
sub-sound. 

Proof. Consider a one-input, one-output tAND net $N$. Its input transition cannot have incoming edges and its output transition cannot have outgoing edges, since those would have to introduce cycles. By Theorem 19 it follows that $pc(N)$ is sub-sound, so also *-sound, and thus $N$ is *-sound. Therefore by Lemma 7 it follows that $N$ is sub-sound.

Corollary 21. All AND-OR nets are sub-sound. 

Proof. By Theorem 17, Theorem 18, Theorem 20 and Theorem 19 the initial nets are all sub-sound, and by Corollary 16 substitution preserves sub-soundness.



6. Future Research 




(a) (b) 
Figure 18: Counterexample for the completeness of AND-OR nets 

The class of AND-OR nets can be researched further in several ways. One direction could be to attempt to characterize the class in terms of syntactic and semantic properties. As was shown all the nets in it are sound, even sub-sound, and it is also not hard to see that they are all free-choice nets, but it is certainly not true that the class contains all sub-sound free-choice nets as is shown in Theorem 22. So it remains open which semantic property characterizes the AND-OR nets.

Theorem 22. Not all free-choice sub-sound workflow nets are AND-OR nets.

Proof. The counterexample is given in Figure 18 (a) (taken from |[IH ).

Another potential research direction is the extension of the class by introducing new forms of substitution that still can be considered hierarchical. For example, it might be allowed to substitute not only nodes but also edges: an edge from a place to a transition could be replaced with a workflow net starting with a single place and ending with a single transition. In general such substitutions do not preserve sub-soundness, but they can be syntactically restricted such that they do. To illustrate, such substitutions could be used to generate Figure 18 (a) from the AND-OR net in Figure 18 (b) by substituting the edges (A, a), (A, b), (B, a) and (B, b).

Yet another possible generalization can be achieved by weakening the requirement that a substitution links all the input and output nodes in the same way. For example, it could be allowed that a transition is replaced with a tAND net with a single input transition and several output transitions such that (1) each output transition in the tAND net is linked to at least one place in the postset of the replaced transition and (2) each place in the postset of the replaced transition is linked with exactly one output transition in the tAND net. Also this would allow us to generate Figure 18 (a) from the AND-OR net in Figure 18 (b) by substituting the transitions A and B.



7. Conclusions 

We have presented an approach for designing sound workflow nets in a structured way. This method is based on the notion of a substitution of one node by a workflow net with input and output nodes being of the same type as the substituted node. The substituted nets can have multiple inputs and outputs, which is an extension to the previously considered substitutions as it allows generating a more general class of nets. We have identified a notion of soundness that is preserved by such substitutions and corrected a small omission in an earlier similar method.